fix: add debug log to trustchain resolve
jcmelati committed Oct 19, 2024
1 parent a600c51 commit 249a099
Showing 4 changed files with 295 additions and 215 deletions.
Expand Up @@ -8,7 +8,7 @@ info:
email: [email protected]
license:
name: Apache 2.0
url: http://www.apache.org/licenses/LICENSE-2.0.html
url: https://www.apache.org/licenses/LICENSE-2.0.html
version: 1.0.0-d38

tags:
Expand Down Expand Up @@ -2048,16 +2048,16 @@ components:
- $ref: '#/components/schemas/CommonMetadata'
- $ref: '#/components/schemas/OpenIDConnectDynamicClientRegistrationMetadata'
- $ref: '#/components/schemas/IANAOAuthDynamicClientRegistrationMetadata'
type: object
x-tags:
- federation
properties:
client_registration_types:
type: array
items:
$ref: '#/components/schemas/OpenIDConnectRelyingPartyClientRegistrationTypes'
required:
- client_registration_types
- type: object
x-tags:
- federation
properties:
client_registration_types:
type: array
items:
$ref: '#/components/schemas/OpenIDConnectRelyingPartyClientRegistrationTypes'
required:
- client_registration_types

OpenIDProviderRequestAuthenticationMethodsSupported:
type: object
Expand All @@ -2081,172 +2081,172 @@ components:
- $ref: '#/components/schemas/CommonMetadata'
- $ref: '#/components/schemas/OpenIDConnectDiscoveryProviderMetadata'
- $ref: '#/components/schemas/IANAOAuthAuthorizationServerMetadata'
type: object
x-tags:
- federation
required:
- client_registration_types_supported
properties:
client_registration_types_supported:
type: array
items:
type: string
description: Array specifying the federation types supported. Values are automatic and explicit.
federation_registration_endpoint:
type: string
format: uri
description: URL of the OP's federation-specific Dynamic Client Registration Endpoint. Must use the https scheme.
request_authentication_methods_supported:
$ref: '#/components/schemas/OpenIDProviderRequestAuthenticationMethodsSupported'
request_authentication_signing_alg_values_supported:
type: array
items:
type: string
description: JSON array containing supported JWS algorithms for signing the JWT used in the request parameter or private_key_jwt of a pushed authorization request. Must include if specified in request_authentication_methods_supported.
- type: object
x-tags:
- federation
required:
- client_registration_types_supported
properties:
client_registration_types_supported:
type: array
items:
type: string
description: Array specifying the federation types supported. Values are automatic and explicit.
federation_registration_endpoint:
type: string
format: uri
description: URL of the OP's federation-specific Dynamic Client Registration Endpoint. Must use the https scheme.
request_authentication_methods_supported:
$ref: '#/components/schemas/OpenIDProviderRequestAuthenticationMethodsSupported'
request_authentication_signing_alg_values_supported:
type: array
items:
type: string
description: JSON array containing supported JWS algorithms for signing the JWT used in the request parameter or private_key_jwt of a pushed authorization request. Must include if specified in request_authentication_methods_supported.

OAuthAuthorizationServerMetadata:
allOf:
- $ref: '#/components/schemas/CommonMetadata'
- $ref: '#/components/schemas/IANAOAuthAuthorizationServerMetadata'
type: object
x-tags:
- federation
properties:
issuer:
type: string
description: >
The authorization server's issuer identifier, which is
a URL that uses the "https" scheme and has no query or fragment
components. Authorization server metadata is published at a
location that is ".well-known" according to RFC 5785 derived from
this issuer identifier. The issuer identifier is used to prevent
authorization server mix-up attacks.
example: "https://example.com"
authorization_endpoint:
type: string
description: URL of the authorization server's authorization endpoint.
example: "https://example.com/oauth2/authorize"
token_endpoint:
type: string
description: URL of the authorization server's token endpoint.
example: "https://example.com/oauth2/token"
jwks_uri:
type: string
description: URL of the authorization server's JWK Set document.
example: "https://example.com/oauth2/jwks"
registration_endpoint:
type: string
description: URL of the authorization server's OAuth 2.0 Dynamic Client Registration endpoint.
example: "https://example.com/oauth2/register"
scopes_supported:
type: array
items:
type: string
description: JSON array containing a list of the OAuth 2.0 "scope" values that this authorization server supports.
example: [ "openid", "profile", "email" ]
response_types_supported:
type: array
items:
type: string
description: JSON array containing a list of the OAuth 2.0 "response_type" values that this authorization server supports.
example: [ "code", "token", "id_token" ]
response_modes_supported:
type: array
items:
type: string
description: JSON array containing a list of the OAuth 2.0 "response_mode" values that this authorization server supports.
example: [ "query", "fragment", "form_post" ]
grant_types_supported:
type: array
items:
type: string
description: JSON array containing a list of the OAuth 2.0 grant type values that this authorization server supports.
example: [ "authorization_code", "implicit", "client_credentials", "refresh_token" ]
token_endpoint_auth_methods_supported:
type: array
items:
type: string
description: JSON array containing a list of client authentication methods supported by this token endpoint.
example: [ "client_secret_basic", "private_key_jwt" ]
token_endpoint_auth_signing_alg_values_supported:
type: array
items:
type: string
description: JSON array containing a list of the JWS signing algorithms supported by the token endpoint for the signature on the JWT used to authenticate the client.
example: [ "RS256", "ES256" ]
service_documentation:
type: string
description: URL of a page containing human-readable information that developers might want or need to know when using the authorization server.
example: "https://example.com/service_documentation"
ui_locales_supported:
type: array
items:
type: string
description: Languages and scripts supported for the user interface, represented as a JSON array of language tag values from BCP 47.
example: [ "en-US", "fr-FR" ]
op_policy_uri:
type: string
description: URL that the authorization server provides to the person registering the client to read about the authorization server's requirements on how the client can use the data provided by the authorization server.
example: "https://example.com/op_policy"
op_tos_uri:
type: string
description: URL that the authorization server provides to the person registering the client to read about the authorization server's terms of service.
example: "https://example.com/op_tos"
revocation_endpoint:
type: string
description: URL of the authorization server's OAuth 2.0 revocation endpoint.
example: "https://example.com/oauth2/revoke"
revocation_endpoint_auth_methods_supported:
type: array
items:
type: string
description: JSON array containing a list of client authentication methods supported by this revocation endpoint.
example: [ "client_secret_basic", "private_key_jwt" ]
revocation_endpoint_auth_signing_alg_values_supported:
type: array
items:
type: string
description: JSON array containing a list of the JWS signing algorithms supported by the revocation endpoint for the signature on the JWT used to authenticate the client.
example: [ "RS256", "ES256" ]
introspection_endpoint:
type: string
description: URL of the authorization server's OAuth 2.0 introspection endpoint.
example: "https://example.com/oauth2/introspect"
introspection_endpoint_auth_methods_supported:
type: array
items:
type: string
description: JSON array containing a list of client authentication methods supported by this introspection endpoint.
example: [ "client_secret_basic", "private_key_jwt" ]
introspection_endpoint_auth_signing_alg_values_supported:
type: array
items:
type: string
description: JSON array containing a list of the JWS signing algorithms supported by the introspection endpoint for the signature on the JWT used to authenticate the client.
example: [ "RS256", "ES256" ]
code_challenge_methods_supported:
type: array
items:
type: string
description: JSON array containing a list of Proof Key for Code Exchange (PKCE) code challenge methods supported by this authorization server.
example: [ "plain", "S256" ]
- type: object
x-tags:
- federation
properties:
issuer:
type: string
description: >
The authorization server's issuer identifier, which is
a URL that uses the "https" scheme and has no query or fragment
components. Authorization server metadata is published at a
location that is ".well-known" according to RFC 5785 derived from
this issuer identifier. The issuer identifier is used to prevent
authorization server mix-up attacks.
example: "https://example.com"
authorization_endpoint:
type: string
description: URL of the authorization server's authorization endpoint.
example: "https://example.com/oauth2/authorize"
token_endpoint:
type: string
description: URL of the authorization server's token endpoint.
example: "https://example.com/oauth2/token"
jwks_uri:
type: string
description: URL of the authorization server's JWK Set document.
example: "https://example.com/oauth2/jwks"
registration_endpoint:
type: string
description: URL of the authorization server's OAuth 2.0 Dynamic Client Registration endpoint.
example: "https://example.com/oauth2/register"
scopes_supported:
type: array
items:
type: string
description: JSON array containing a list of the OAuth 2.0 "scope" values that this authorization server supports.
example: [ "openid", "profile", "email" ]
response_types_supported:
type: array
items:
type: string
description: JSON array containing a list of the OAuth 2.0 "response_type" values that this authorization server supports.
example: [ "code", "token", "id_token" ]
response_modes_supported:
type: array
items:
type: string
description: JSON array containing a list of the OAuth 2.0 "response_mode" values that this authorization server supports.
example: [ "query", "fragment", "form_post" ]
grant_types_supported:
type: array
items:
type: string
description: JSON array containing a list of the OAuth 2.0 grant type values that this authorization server supports.
example: [ "authorization_code", "implicit", "client_credentials", "refresh_token" ]
token_endpoint_auth_methods_supported:
type: array
items:
type: string
description: JSON array containing a list of client authentication methods supported by this token endpoint.
example: [ "client_secret_basic", "private_key_jwt" ]
token_endpoint_auth_signing_alg_values_supported:
type: array
items:
type: string
description: JSON array containing a list of the JWS signing algorithms supported by the token endpoint for the signature on the JWT used to authenticate the client.
example: [ "RS256", "ES256" ]
service_documentation:
type: string
description: URL of a page containing human-readable information that developers might want or need to know when using the authorization server.
example: "https://example.com/service_documentation"
ui_locales_supported:
type: array
items:
type: string
description: Languages and scripts supported for the user interface, represented as a JSON array of language tag values from BCP 47.
example: [ "en-US", "fr-FR" ]
op_policy_uri:
type: string
description: URL that the authorization server provides to the person registering the client to read about the authorization server's requirements on how the client can use the data provided by the authorization server.
example: "https://example.com/op_policy"
op_tos_uri:
type: string
description: URL that the authorization server provides to the person registering the client to read about the authorization server's terms of service.
example: "https://example.com/op_tos"
revocation_endpoint:
type: string
description: URL of the authorization server's OAuth 2.0 revocation endpoint.
example: "https://example.com/oauth2/revoke"
revocation_endpoint_auth_methods_supported:
type: array
items:
type: string
description: JSON array containing a list of client authentication methods supported by this revocation endpoint.
example: [ "client_secret_basic", "private_key_jwt" ]
revocation_endpoint_auth_signing_alg_values_supported:
type: array
items:
type: string
description: JSON array containing a list of the JWS signing algorithms supported by the revocation endpoint for the signature on the JWT used to authenticate the client.
example: [ "RS256", "ES256" ]
introspection_endpoint:
type: string
description: URL of the authorization server's OAuth 2.0 introspection endpoint.
example: "https://example.com/oauth2/introspect"
introspection_endpoint_auth_methods_supported:
type: array
items:
type: string
description: JSON array containing a list of client authentication methods supported by this introspection endpoint.
example: [ "client_secret_basic", "private_key_jwt" ]
introspection_endpoint_auth_signing_alg_values_supported:
type: array
items:
type: string
description: JSON array containing a list of the JWS signing algorithms supported by the introspection endpoint for the signature on the JWT used to authenticate the client.
example: [ "RS256", "ES256" ]
code_challenge_methods_supported:
type: array
items:
type: string
description: JSON array containing a list of Proof Key for Code Exchange (PKCE) code challenge methods supported by this authorization server.
example: [ "plain", "S256" ]

OAuthClientMetadata:
allOf:
- $ref: '#/components/schemas/CommonMetadata'
- $ref: '#/components/schemas/OAuthDynamicClientMetadata'
- $ref: '#/components/schemas/IANAOAuthDynamicClientRegistrationMetadata'
type: object
x-tags:
- federation
- type: object
x-tags:
- federation

OAuthProtectedResourceMetadata:
allOf:
- $ref: '#/components/schemas/CommonMetadata'
- $ref: '#/components/schemas/ProtectedResourceMetadata'
type: object
x-tags:
- federation
- type: object
x-tags:
- federation

ProtectedResourceMetadata:
type: object
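Review bot: The relocated `OAuthAuthorizationServerMetadata` object still carries examples that advertise weak options: `code_challenge_methods_supported` lists `plain`, `grant_types_supported` lists `implicit`, and `response_types_supported` lists `token`. Examples in a metadata schema tend to be copied into real configurations, and current OAuth security guidance steers away from both the implicit grant and `plain` PKCE. Since these lines are being rewritten anyway, consider `example: [ "S256" ]` for the challenge methods and dropping `implicit` and `token` from the other two examples. Separately, the endpoint URL properties in this object are plain `type: string`, while `federation_registration_endpoint` in the same hunk declares `format: uri`; adding `format: uri` to them would make the schema consistent and let validators reject non-URL values.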
Expand Up @@ -9,6 +9,7 @@ import kotlinx.serialization.json.jsonArray
import kotlinx.serialization.json.jsonObject
import kotlinx.serialization.json.jsonPrimitive


interface ICryptoService {
suspend fun verify(
jwt: String,
